S£CR£'f' (b) (3)-P.L. 86-36

TEMPEST: A Signal Problem

The story of the discovery of various compromising radiations from communications and Comsec equipment.

In 1962, an officer assigned to a very smaJl intelligence found with microphones for? Why was there a large metal detachment in Japan was performing the routine duty of grid carefully buried in the cement of the ceiling over the inspecting the area around his little cryptocenter. As Department of State communications area? A grid with a required, he was examining a zone 200 ft. in radius to see wire leading off somewhere. And what was the purpose of if there was any "clandestine technical ." the wire that terminated in a very fine mesh of smaller hair. Across the street. perhaps a hundred feet away, was a like wires? And. while we were at it, how did these finds ,i., hospital controlled by the Japanese government. He relate to other mysterious finds and reports from behind "i sauntered past a kind of carport jutting out from one side of the Curtain-reports dating clear back to 1953? the building and, up under the eaves, noticed a peculiar Why, way back in 19:54, when the Soviets published a 1 thing-a carefully concealed dipole antenna, horizontally 1 polarized. with wires leading through the solid cinderblock rather comprehensive set of standards for the suppression wall to which the carport abutted. He moseyed back to his of radio frequency interference, were those standards much more stringent for their teletypewriters and other headquarters, then quickly notified the counter-intelligence I communications equipment than for such things as \ people and fired off a report of this "find" to Army Securi­ diathermy machines, industrial motors, and the like, even ! ty Agency, who. in turn, notified NSA. He was directed to though the teletypewriters were much quieter in the first examine this antenna in detail and perhaps recover it, but place? although the counter-intelligence folks had attempted to keep the carport under surveillance that night, the antenna Behind these events and questions lies a long history had mysteriously disappeared when they checked the next beginning with the discovery of a possible threat. the slow day. Up on the roof of the hospital was a forest of Vagi's, recognition of a large number of variations of that threat, TV antennae, all pointing towards Tokyo in the normal and, lumbering along a few months or a few years fashion, except one. That one was aimed right at the U,S. afterwards, a set ofcountermeasures to reduce or eliminate cryptocenter. each new weakness that has been revealed. You may recall the highly publicized flap which The Problem Defined occurred in 1964 when more than 40 microphones were discovered in the U.S. embassy in Moscow. Most people To state the general nature of the problems in brief: were concerned about all the conversations that may have Any time a machine is used to process classified been overheard and the resultant compromise of our electrically, the various switches, contacts. diplomatic plans and intelligence activities associated with relays, and other components in that machine may emit the embassy. We were concerned with something else: radio frequency or acoustic energy. These emissions, like What could those microphones do to the cryptomachines tiny radio broadcasts. may radiate through free space for used there? And what were the unpublirized gadgets also considerable distances-a half mile or more in some cases.

26 S£CItE'f" IIltlJ9Y VII. CarillA" EII:v."iY QtJIs¥ 5ECR£'f'

?r they may ~e induced on nearby conductors like signal being processed-a fast performance, by the way, that has lines, power lines, telephone lines, or water pipes and be rarely been equalled. . conducted along those paths for some distance- and here . The Signal Corps was impressed by this display and we may be talking ofa mile or more. directed to explore this phenomenon in depth When these emissions can be intercepted and recorded, and provide modifications to the 131-B2 mixer to suppress it is frequently possible (0 analyze them and recover the the danger. In a matter of six: months or so, Bell Labs had intelligence that was being processed by the source identified three separate phenomena and suggested three equipment. The phenomenon affects not only cipher basic suppression measures: machines· but any information-processing (a) Shielding (for radiation through space, and equipment-teletypewriters. duplicating equipment, magneticfields) inrercornms, facsimile, computers-you name it. But it has (b) Filtering (for conducted signals on power lines, special significance for cryptomachines because it may signal lines, etc.) reveal not only the plain texts of individual menages being (c) Masking (for either space-radiated or conducted processed but also that carefully guarded information about signals, but mostly for space) the internal machine processes. Thus, conceivably, the machine could be radiating information which could lead Bell Labs went ahead and modified a mixer, calling it the I31-A-1. In it they used both shielding and filtering to the reconstruction of our daily changing keying variables-s-and from a Comsec viewpoint, that is absolutely techniques. Signal Corps took one look at it and turned the worst thing that can happen to us. This problem of thumbs down. The trouble was. to contain the offending compromising radiation we have given the covername signals, Bell had to virtually encapsulate the machine. TEMPEST. Instead of a modification kit that could be sent to the field, the machines would have to be sent back and rehabilitated. The encapsulation caused problems of heat dissipation. Discovery by Bell Lab made maintenance extremely difficult, and hampered operations by limiting access to the various controls. Now, let's go back to the beginning. During World Instead ofbuying this monster, the Signal Corps resorted War II, the backbone systems for Army and Navy secure to the only other solution they could think of. They went teletypewriter communications were one-time tapes and out and warned commanders of the problem, advised them the primitive crypto-equipment SIGTOT. For encrypting, to control a zone about 100 feet in diameter around their the Services used a Bell-telephone mixing device, called communications center to prevent covert interception. and a 13 I -B2. When one of these mixers was being tested in let it go at that. And the cryptologic community as a whole a Bell laboratory. a researcher noticed, quite by accident, let it go at that for the next seven years or so. The war that each time the machine stepped, a spike appeared on an ended; most of the people involved went back to civilian oscilloscope in a distant part of the lab. After he examined life; the files were retired, dispersed, and destroyed. The these spikes more carefully. he found that he could read the whole problem was, apparently, forgotten. Then, in 195 L, plain text ofthe message being enciphered by the machine! the problem was, for all practical purposes, rediscovered by CIA when they were toying with the same old 131-B2 Bell Telephone faced a dilemma. They had sold the mixer. They reported having read plain text about a equipment to the military with the assurance that it was quarter mile down the signal line and asked if we were secure, but it wasn't. The only thing they could do was to interested. Of course, we were. Some power line and signal tell rhe Signal Corps about it. which they did. There they line filters were built and immediately installed on these met the charter members of a dub of skeptics who could equipments and they did the job pretty well as far as not believe that these tiny pips could really be exploited conducted signals were concerned. Space radiation under practical field conditions. They are alleged to have continued unabated, however, and the first of many said something like: "Don't you realize there's a war on? "radiation" policies was issued in the form of a letter from We can't bring our cryptographic operations to a AFSA to all Sigint activities, requiring them to: screeching halt based on a dubious and esoteric laboratory phenomenon. If this is really dangerous, prove it." So. the 1. Control a zone 200 feet in all directions around Bell engineers were placed in a building on Varick Street in their cryptocenters, or New York. Across the street and about 80 feet away was 2. Operate at least 10 TTY devices simultaneously Signal Corps' Varick Street cryptocenter. The engineers (the idea of masking; putting out such a profusion of recorded signals for about an hour. Three or four hours signals that interception and analysis would be difficult), or later, they produced about 75 % of the plain text that was 3. Get a waiver based on operational necessity.

IINJ9ibi '1'1.\ EebllN'F (I fAPUJEl:5 SIft:. SECRET 27 -~--- -~-~--~~------

SECH'i"

The Sigint community conformed as best it could; and, device, is usually enough to prevent sufficiently accurate in some instances. general-service communicators adopted recordings to permit exploitation. Shotgun similar rules. The figure of 200 feet. by the way, was quite microphones-the kind used to pick up a quarterback's arbitrary. It had not been determined because we had hard signals in a huddle-and large parabolic antennae are evidence that. beyond that distance. interception was effective at hundreds of feet-if there is a direct shot at impractical; rather. it was the larg~t security zone we the equipment. The acoustic threat is, therefore. confined believed the majority of stations could reasonably main­ to those installations where the covert interceptor can get rain, and we knew that, with instrumentation then avail. some kind of microphone-such as an ordinary telephone able, exploitation at that range would, at best, be exceed­ that has been bugged or left off the hook-in the same ingly difficult. room with the information-processing device. We also discovered that, when the room is "sound-proofed" with At the same time that we were trying to cope with the ordinary acoustic tide, the job of exploitation is easier 13) -B2 mixer. we began to examine every other cipher because the sound-proofing cuts down reflected and machine. Everytbing' tested radiated. and radiated rather reverberating sound, providing clearer signals. A disturbing prolifically. With rotor machines. the voltage on their discovery was that ordinary microphones. probably planted power lines tended to fluctuate as a function of the number to pick up conversations in a cryptocenter. could detect of rotors moving. and so a fourth phenomenon, called machine sounds with enough fidelity to permit pourer line modllaltion, was discovered. exploitation. And such microphones were discovered in j Progress in examining the machines and developing Prague. Budapest, Warsaw and, of course. Moscow. ij suppression measures was very slow. By 1955, however, a number of possible techniques for suppressing the Seismics phenomena had been tried. FiJterin8 techniques were refined somewhat; teletypewriter devices were modified so that aU relays operated at once and only a single spike was produced with each character, instead of five smaller spikes. representing each baud, but the size of the spike 'Ij. ,I changed with each character produced, and the analysts ~ \ could still read it quickly. A "balanced" ten-wire system was tried which would cause each radiated signal to appear Ii identical. but to achieve and maintain such balance proved impractical. Hydraulic techniques-to replace the I electrical-were tried and abandoned, and experiments ! were made with different types of batteries and motor ~enerators. in attempts to lick the power-line problem. None was very successful. During this period, the business of discovering new TEMPEST threats. or refining techniques and instrumentation for derecting, recording. and analyzing these signals, progressed more swiftly than the art of suppressing them. Perhaps the attack is more exciting than the defense-something more glamorous about finding a way to read one of these signals than going through the drudgery necessary to suppress that whacking great spike first seen in 1943. At any rate. when they turned over the next rock. they found the acoustic problem under it. i ! Phenomenon No. '5. ~I Acoustics We found that most acoustic emanations lire difficult to exploit if the microphonic device is outside of the room containing the source equipment; even a piece of paper inserted between, say, an offending keyboa.rd and a pick-up

28 S£€R£T II ViQhi VII. Ea'dIP~" EIb\ffNEU er4t j ii

b) (1) (b)(3)-50 USC 403 (b) (3)-P.L. 86-36 SfCftEY

Flooding

IfJt14EiLE ..I,. t:BhrIlJT EIIAfJNEl:S 8NLY SECRE'f' 29

(b) (1) (b)(3)-50 USC 403 (b) (3)-18 USC 798 (b) (3)-P.L. 86-36 ) (1) )(3)-50 USC 403 (3)-P.L. 86-36 SECRET'

The TSEC KL-7A the versi n fth KL-7 modified

Anomalies

30 SECRET Jhtf4BLf • lit eeft'Il'¥ E. htf4l4EL5 8fJLY

(b) (1) (b)(3)-50 USC 403 (b) (3)-P.L. 86-36

b) (3)-P.L. 86-36